class UsersController < ApplicationController

  # before_filter :require_no_user, :only => [:new, :create]
  before_filter :require_user
  # GET /users
  # GET /users.xml
  def index
    authorize! :read, User 
    @search = User.search(params[:search])
    @search.meta_sort ||= 'id.asc'
    @users = @search.paginate(:per_page => 5,:page => params[:page])
    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @users }
    end
  end

  # GET /users/1
  # GET /users/1.xml
  def show
    authorize! :read, User
    @user = User.find(params[:id])
    @read_only = true
    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/new
  # GET /users/new.xml
  def new
    authorize! :create, User
    @user = User.new
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @user }
    end
  end

  # GET /users/1/edit
  def edit
    authorize! :update, User
    @user = User.find(params[:id])
  end

  # POST /users
  # POST /users.xml
  def create
    authorize! :create, User
    @user = User.new(params[:user])
    @user.user_log = current_user.login
    respond_to do |format|
      if @user.save
        format.html { redirect_to(@user, :notice => 'User was successfully created.') }
        format.xml  { render :xml => @user, :status => :created, :location => @user }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /users/1
  # PUT /users/1.xml
  def update
    authorize! :update , User
    @user = User.find(params[:id])
    @user.user_log = current_user.login
    respond_to do |format|
      if @user.update_attributes(params[:user])
        format.html { redirect_to(@user, :notice => 'User was successfully updated.') }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.xml
  def destroy
    authorize! :destroy , User
    @user = User.find(params[:id])
    @user.user_log = current_user.login
    @user.destroy
    respond_to do |format|
      format.html { redirect_to(users_url) }
      format.xml  { head :ok }
    end
  end
end
